Thanks. If I read the docs right I should be able to use check_policy_service under smtpd_client_restrictions.
I don't know if such a policy server launched from main.cf would be able to do what I need but if I would use an Inet type Socket I should be able to do what I want with that code since it would be running under its own context?

------- Original Message -------
On Tuesday, December 27th, 2022 at 12:02 AM, Wietse Venema <wie...@porcupine.org> wrote:

> mats:
>
> > First statement: I'm new to Postfix
> > Second statement: I'm old enough that a 30mb harddrive was big
> > when I started working with computers ......
>
> 512kB (floppy disk).
>
> > The Challenge I want to be able to run my own "idp" type script
> > when someone tries to connect to my mailserver. Basically I want
> > to refuse them even a tcp connection to smtpd if the connecting
> > ip is in our internal blacklist.
>
> The Postfix SMTP daemon has a number of integration options:
>
> - The Postfix policy protocol.
>   https://www.postfwd.org/ is easy to configure.
>   https://www.postfix.org/SMTPD_POLICY_README.html
>
> - The Milter protocol (Milter libraries exist for Perl
>   Python Rust PHP C C++).
>   https://www.postfix.org/MILTER_README.html
>
> There is no option to run a program from the SMTP daemon.
> Network daemons should not be allowed to run other programs.
>
> Wietse
>
> > I'm doing it today with an old HMailserver and it's very effective
> > so I would like to port that functionality
> >
> > Before someone says fail2ban so no, fail2ban is way too late since
> > it requires log entries from smtpd. I want to kill them before
> > they even get a chance to try and log on